Baldwin Wallace Students participated in the National Collegiate Penetration Testing Competition on October 11. NCPTC brings student-led college cybersecurity teams together to see who can best perform real-life penetration testing engagement for an actual organization. Though Baldwin Wallace’s six student team did not place in the remote event, they did gain experience and insight into the intricacies of cybersecurity and the penetration testing process.

NCPTC was fully remote this year, with ten colleges including BW participating in the event.

Senior cybersecurity analytics major Joshua Bell led the BW NCPTC team as the Cyber Defense Team Alpha Captain, having participated for three years in a row.

Led by Bell and advised by computer science associate professor Kenneth Atchinson, the team included students Lauren Driscoll, Eshak Shenouda, Anthony Rodriguez, Jon Huebner, and Dylan Brown.

The team prepared for the competition remotely. They spent their practices conducting research and going back to the reports written by other schools’ teams during past competitions.

Penetration testing is when a network is tested by means of authorized hacking. Firms hire cybersecurity experts to attempt to breach and exploit vulnerabilities in their network to see where their system is falling short.

Bell commented on the penetration testing process, and how hacking is more meticulous and less dramatic than how the media portrays it.

“There’s steps to pen testing. You don’t just go into a network hacking in saying ‘I’m in!’ with a weird hacker overtone and sunglasses,” said Bell, “You have to do a lot of reconnaissance and research.”

Bell further described how they start reconnaissance with an IP Range. This is when the team takes a large list of IP addresses that go to different devices. They scan this network with a program called NMAP to find devices, then find possible entry points and passwords to breach these devices.

The competition culminates in writing and submitting a report for the company that teams do the penetration testing for. Once the competition concludes teams have seven and a half hours to write a comprehensive report, said Atchinson.

Baldwin Wallace has participated in NCPTC for several years, each yearly competition had a new challenge with a distinct theme.

This year, competitors handled a penetration testing challenge for a small power company. The first year, they investigated corporate espionage for a self-driving car company.

“Last year it was a bank,” said Atchinson. “The bank had their ATMs. At the national level, they looked at an ATM to see how they could break in.”

Team members come from all disciplines with a curiosity for cybersecurity and a love for creative problem solving.

Computer Science professor Dr. Brian Krupp recommends that his students, and anyone else curious about penetration testing, get involved with NCPTC or other cybersecurity events.

“In a cybersecurity competition students see problems that are not only more real and more practical, but they also have to work with one another to solve these problems,” said Krupp.

For students curious about cybersecurity, Atchinson recommends beginning with participation in the National Cyber League. NCL is another competition that involves cybersecurity, as well as creative puzzle-solving and building diagnostic skills.

The sign-up for both NCPTC and NCL has passed, but they will happen again next year.

Contact Professor Atchinson at [email protected] to learn more about cybersecurity and how to get involved.